Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
nandakumar_sasidharan
Participant

The Read Access Logging (RAL) tool allows you to monitor and log read access to sensitive data. It covers the following SAP technologies.

- RFC

- Webservices

- Web Dynpro ABAP

- Dynpro (SAP GUI)

RAL can be accessed using the SAP transaction SRALMANAGER. There are mainly two components of RAL, an Administration part and a Monitor part.

In this document I will briefly explain about the Recording functionality in RAL.

Step 1

Login ECC and go to transaction sralmanager.


RAL will get displayed in the browser. Select ‘Recordings’.

Step 2

Click on Create button.

Enter the channel, give Recording name and description.

It would be in recording mode when you click on Create button, if not select the Play button.

Now go to the ECC and enter transaction which you are recording.

Select the field to be recorded and CTRL+RIGHT CLICK. Then select Record field under Read Access Logging in the context menu.

You will get a message saying that “Field ‘RFKI1-GPART’ has been added to the recording ‘FPI1’ “

If you are re-recording then the following message will be displayed.

After recording the relevant fields, go back to SRALMANAGER and stop the corresponding recording.

To view the details of recording use the Lens button.

List of recorded fields will be displayed as below.

Step 3

For configuring details such as log domain, log context of the recorded fields click on Configuration in RAL.

Search the already existing configuration by providing the recording name. If does not exist create new configuration

Create Log group.

Drag and drop the recorded fields from the field list to Log group.

You can add the log domain by searching corresponding field.

Now Save as Active. Done with the recording.

Step 4

To test the recorded transaction, go to the tcode and enter values to the recorded fields.

Once the values have entered go to RAL and select the second tab Monitor.

Click Read Access Log and enter the user name and date/time in the search criteria.

You can find the list of entries with the recorded values of the user.

Select the entry based on time and you can see the values entered in the transaction.

These are the steps involved in RAL to track and monitor the transactions.

17 Comments